The following is actually a bug report that I was almost ready to submit until I noticed that the bugzilla discloses the email addresses of commenters. I object to that, so I’m posting here.
It would be very desirable to be able to use hyphens and/or underscores as part of the names for road-warrior client connection configurations. I want to issue separate certificates for each client device; this is to make it possible to revoke the certificate for a lost or stolen device without disturbing other devices. The idea here is to set up two-part names such as mike-desktop and mike-phone. I had already followed this pattern when setting up OpenVPN using easy-tls on my Gentoo machine.
Note that an image (Roadwarrior_options.png) in the documentation on your website for OpenVPN shows “Test network” as an example of a connection name. This would also fail validation.
I figure that a motivation for restricting the character set for connection names is that these are also used to make filenames. I limited my request to include only hyphens and underscores since they are pretty universally allowed in filenames–and long-time Unix people like me shudder at spaces in filenames.
A second, and even more severe, issue came when I tried using one of these binomial names: the error message “Name must only contain characters” uses a terrible choice of words. Any reasonably computer-literate person should understand “character” to mean, at the very minimum, any printable ASCII character. (Another bug report I saw before filing this bug understood “characters” to include printable Unicode codepoints, like ü.) I had to search through the code (yikes, in PERL!) to find what you mean by “characters” in this instance. The regex on line 3889 of /srv/web/ipfire/cgi-bin/ovpnmain.cgi is /^[a-zA-Z0-9]+$/, which tells me that the message should read “Name must contain only letters and digits”. (Of course, I’d prefer a regex more like /^\w[\w-]*$/ and an error text like “…only letters, digits, hyphens, and underscores but not beginning with a hyphen.”)
REPRODUCTION STEPS
- Set up CA and server certificates and needed options as outlined in the documentation.
- Under Connection Status and Control, click Add, then Add on the next page (Connection Type).
- In the Name field enter a sequence of ASCII letters and digits plus any ASCII character that is not a letter or digit.
- Fill out the fields as required under the Generate a certificate radio button.
- Click Save
OBSERVED RESULTS
The Connection form redisplays with the error message “Oops, something went wrong / Name must only contain characters.” Note that there is no highlight of the offending field within the form.
EXPECTED RESULTS
Redisplay of the main OpenVPN page after successful generation of the client certificate.
As a workaround, I used a camel-cased version of my binomial name. This is suboptimal: if either the person-name part or the device-name part has multiple names, the resulting names in the list are less clear. (For example, “JimDellLaptop” is ambiguous.) I was sorely tempted to edit the regex instead. (Thank you for including vim in the base install.)
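Added example, not part of the original post and not the project's own code: a Perl comparison of the regex the post quotes from ovpnmain.cgi, the regex the post proposes, and a stricter variant of that proposal for names that end up in filenames. The `$strict` pattern, the `check_name` helper and the sample names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use utf8;                                   # the sample literals below are UTF-8
binmode(STDOUT, ':encoding(UTF-8)');

# Regex the post quotes as the current check in ovpnmain.cgi.
my $current  = qr/^[a-zA-Z0-9]+$/;
# Regex the post proposes.
my $proposed = qr/^\w[\w-]*$/;
# Assumption (not from the post): the proposal tightened for filename use.
# /a keeps \w to ASCII [A-Za-z0-9_]; \z rejects the trailing newline that $ allows.
my $strict   = qr/\A\w[\w-]*\z/a;

# Returns an error message, or undef when the name is acceptable.
sub check_name {
    my ($name, $re) = @_;
    return 'Name must not be empty' unless defined $name && length $name;
    return if $name =~ $re;
    return 'Name must contain only letters, digits, hyphens, and underscores, '
         . 'and must not begin with a hyphen';
}

# Constructed sample names (not taken from any real configuration).
my @samples = ('mike-desktop', 'mike_phone', 'MikeDesktop', 'Test network',
               '-mike', "mike-phone\n", 'müller-laptop', '../mike');

printf "%-16s %-8s %-8s %-8s\n", 'name', 'current', 'proposed', 'strict';
for my $name (@samples) {
    (my $shown = $name) =~ s/\n/\\n/g;      # make the newline visible
    my @verdicts = map { defined(check_name($name, $_)) ? 'reject' : 'accept' }
                   ($current, $proposed, $strict);
    printf "%-16s %-8s %-8s %-8s\n", $shown, @verdicts;
}
```

The two names on which `proposed` and `strict` disagree are the one ending in a newline, because `$` also matches just before a final newline, and the one containing ü, because `\w` follows Unicode rules on a decoded string unless `/a` is given.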